CVE-2005-0607

CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0607
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
devellion / cubecart	2.0.3	2.0.3.x
devellion / cubecart	2.0.1	2.0.1.x
devellion / cubecart	2.0.2	2.0.2.x
devellion / cubecart	2.0.5	2.0.5.x
devellion / cubecart	2.0.0	2.0.0.x

http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html
http://securitytracker.com/id?1013304
http://www.cubecart.com/site/forums/index.php?showtopic=6032
https://exchange.xforce.ibmcloud.com/vulnerabilities/20638

Vulnerability Database

290,300

CVE-2005-0607